For distributed archive systems, in light of the availability and security of data, the technology of RAID (Redundant Array Of Inexpensive Disks) has been used in order to protect data from failure of a disk especially. For example, in RAID1 systems, the completely same contents are recorded on two independent disks (mirroring) and when one disk breaks down, data can be picked out from another disk. On the other hand, in RAID3 systems, data is distributed and recorded on n disks, and one of disks is dedicated for recording parities. When one disk breaks down among n disks, the parities can restore the original data from the n−1 remaining disks.
However, in carrying out distributed record of data at archive servers on the Internet, such as cloud computing., due to failure on the Internet, failure of a server, a denial of service attack, etc., a situation when two or more servers cannot be simultaneously accessed may occur, and accordingly RAID systems cannot resolve the data availability and consistency problems, which can cope with the access problem over only one server.
Since the RAID systems in themselves include no data security mechanism for guaranteeing the security of the data archived, it is necessary to use them together with an additional encryption technology, and it becomes as an overhead on an equipment configuration and performance.
Japanese Patent No. 360770 describes an invention in which the secret sharing scheme introduced by SHAMIA (Adi Shamir, How To Share A Secret, Communications Of ACM, 22 (11), 612-613 pages, 1979.) is employed to enable to restore data if k ones among n servers can be accessed, with flexibilities for applying to Internet environment, and to guarantee theoretically that the original data shall not be restored even if date is leaked from (k−1) servers.
However, in the secret sharing scheme of SHAMIA, modular exponentiation calculation having much computational cost is required for each data segments formed by dividing data. Due to that computational cost in addition to restricted capabilities of computers, the length of a data segment is at most thousands of bits, and accordingly that invention is not practical for purpose of archiving large data of more than several megabytes and several gigabytes in view of calculation efficiency.
It is possible to repeatedly archive data segments with redundancy according to a determined secret pattern, but it would be difficult to prove the security. Indeed, the same pattern will occur repeatedly, and it is easily assumed that at least a part of the data will be restored by pattern analysis. As long as the security cannot be proved, it is necessary to use encryption technology additionally, and an overhead on an equipment configuration and performance is raised in the same way as mentioned above.